ARP send request to wrong ip #8269

Closed
flycatr opened this issue Sep 27, 2014 · 5 comments

@flycatr

flycatr commented Sep 27, 2014

How to reproduce:

  1. Run a container and connect to an external PPTP server. Make sure the client successfully connected (the ppp0 interface appears when typing ifconfig). Check the container ip (e.g. 172.17.0.2)
  2. Stop the container.
  3. Repeat step 1. This time the PPTP client failed to connect. Check the container ip (e.g. 172.17.0.3)

Analysis:
From tcpdump (tcpdump -i vethxxxx), arp is sending requests to the previous ip 172.17.0.2, but the current container ip is 172.17.0.3. Below is an excerpt from the tcpdump output:

....
12:12:03.565472 IP 172.17.0.3.34739 > au1.vyprvpn.com.1723: Flags [.], ack 189, win 119, options [nop,nop,TS val 1746395 ecr 3707168897], length 0
12:12:03.565906 IP 172.17.0.3 > au1.vyprvpn.com: GREv1, call 30446, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
12:12:03.617655 ARP, Request who-has 172.17.0.2 tell 172.17.42.1, length 28
12:12:04.614870 ARP, Request who-has 172.17.0.2 tell 172.17.42.1, length 28
12:12:05.614837 ARP, Request who-has 172.17.0.2 tell 172.17.42.1, length 28
....

Workaround:
Restart the docker service before running the container again - service docker restart

@aluzzardi
Member

Thanks @flycatr for the bug report.

Could you provide some additional information (docker version etc), as described in:
https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-issues

@flycatr
Author

flycatr commented Oct 1, 2014

Here is more information (my machine is Ubuntu 14.04):

root@mail:~# uname -a
Linux mail.testmachine 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
root@mail:~# docker version
Client version: 1.2.0
Client API version: 1.14
Go version (client): go1.3.1
Git commit (client): fa7b24f
OS/Arch (client): linux/amd64
Server version: 1.2.0
Server API version: 1.14
Go version (server): go1.3.1
Git commit (server): fa7b24f
root@mail:~# docker -D info
Containers: 2
Images: 24
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Dirs: 28
Execution Driver: native-0.2
Kernel Version: 3.13.0-32-generic
Operating System: Ubuntu 14.04.1 LTS
Debug mode (server): false
Debug mode (client): true
Fds: 15
Goroutines: 14
EventsListeners: 0
Init Path: /usr/bin/docker
WARNING: No swap limit support

... and here is how my arp cache looks during the process:

Before running any container.

Address                  HWtype  HWaddress           Flags Mask            Iface
128.199.128.1            ether   00:00:5e:00:02:64   C                     eth0

Start a container, and run pptp client. Client connected to ppp server.

Address                  HWtype  HWaddress           Flags Mask            Iface
172.17.0.3               ether   0e:f1:cf:dc:1e:f5   C                     docker0
128.199.128.1            ether   00:00:5e:00:02:64   C                     eth0

Re-run again (stop & start the same container).

Address                  HWtype  HWaddress           Flags Mask            Iface
172.17.0.3                       (incomplete)                              docker0
172.17.0.4               ether   1a:d1:2c:b8:69:4e   C                     docker0
128.199.128.1            ether   00:00:5e:00:02:64   C                     eth0

Something is very wrong if the arp result is showing the word incomplete. It should not be there in the first place.

Here is my ip neigh result:

root@mail:~# ip neigh
172.17.0.3 dev docker0  FAILED
172.17.0.4 dev docker0 lladdr 1a:d1:2c:b8:69:4e REACHABLE
128.199.128.1 dev eth0 lladdr 00:00:5e:00:02:64 REACHABLE

@flycatr
Author

flycatr commented Oct 2, 2014

This is my docker command:

docker run -i -t --name chromecast_1 --rm --device=/dev/ppp --cap-add=NET_ADMIN chromecast_img pppd call au1.vyprvpn dump debug

MalteJ added a commit to MalteJ/docker that referenced this issue Oct 3, 2014
Credits to Andrea Luzzardi (GitHub: @aluzzardi) for implementation.
Integrates and closes moby#8371, fixes moby#4033
Relates to moby#4581, moby#5737, moby#8269, moby#8297

Signed-off-by: Malte Janduda <mail@janduda.net>
@aluzzardi
Member

@flycatr: Can you retry out of master?

@flycatr
Author

flycatr commented Oct 4, 2014

It works! Problem solved. Thank you!!!!

$ docker -v
Docker version 1.2.0-dev, build 84d9fd3

Here are my arp results:

Before running any container

Address                  HWtype  HWaddress           Flags Mask            Iface
128.199.128.1            ether   00:00:5e:00:01:65   C                     eth0

Container first run

Address                  HWtype  HWaddress           Flags Mask            Iface
172.17.0.18              ether   02:42:ac:11:00:12   C                     docker0
128.199.128.1            ether   00:00:5e:00:01:65   C                     eth0

The same container, stop and start again

Address                  HWtype  HWaddress           Flags Mask            Iface
172.17.0.18              ether   02:42:ac:11:00:12   C                     docker0
128.199.128.1            ether   00:00:5e:00:01:65   C                     eth0

Good job @aluzzardi & friends ! 👍

@flycatr flycatr closed this as completed Oct 4, 2014
nathanleclaire pushed a commit to nathanleclaire/docker that referenced this issue Oct 12, 2014
Right now, MAC addresses are randomly generated by the kernel when
creating the veth interfaces.

This causes different issues related to ARP, such as moby#4581, moby#5737 and moby#8269.

This change adds support for consistent MAC addresses, guaranteeing that
an IP address will always end up with the same MAC address, no matter
what.

Since IP addresses are already guaranteed to be unique by the
IPAllocator, MAC addresses will inherit this property as well for free.

Consistent MAC addresses are also a requirement for stable networking (moby#8297)
since re-using the same IP address on a different MAC address triggers the ARP
issue.

Finally, this change makes the MAC address accessible through docker
inspect, which fixes moby#4033.

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
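
The IP-to-MAC mapping the commit message describes, as an added example that is not the commit's own code: it derives a stable MAC from an IPv4 address and checks whether a host neighbour-cache entry would go stale across a container restart. The function names are hypothetical, and the 02:42 prefix is an assumption read off the 172.17.0.18 / 02:42:ac:11:00:12 pair in the arp output above.

```go
package main

import (
	"fmt"
	"net"
)

// macForIP derives a stable MAC address from an IPv4 address: a fixed
// two-byte prefix followed by the four address bytes. The 02:42 prefix is
// an assumption taken from the arp output in this thread; 0x02 sets the
// locally-administered bit and keeps the address unicast.
func macForIP(ip net.IP) (net.HardwareAddr, error) {
	v4 := ip.To4()
	if v4 == nil {
		return nil, fmt.Errorf("not an IPv4 address: %v", ip)
	}
	mac := net.HardwareAddr{0x02, 0x42, 0, 0, 0, 0}
	copy(mac[2:], v4)
	return mac, nil
}

// staleAfterRestart reports whether a neighbour-cache entry learned before
// a restart no longer matches the MAC now answering for the same IP.
func staleAfterRestart(cached, current net.HardwareAddr) bool {
	return cached.String() != current.String()
}

func main() {
	ip := net.ParseIP("172.17.0.18")
	first, _ := macForIP(ip)
	second, _ := macForIP(ip) // same container, stopped and started again
	fmt.Println(first, "stale:", staleAfterRestart(first, second))

	// Constructed sample: two kernel-random MACs for one IP, as happened
	// before the change whenever a veth pair was recreated.
	oldMAC, _ := net.ParseMAC("0e:11:22:33:44:55")
	newMAC, _ := net.ParseMAC("1a:66:77:88:99:aa")
	fmt.Println(oldMAC, "->", newMAC, "stale:", staleAfterRestart(oldMAC, newMAC))
}
```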